Your message dated Tue, 17 Jan 2012 18:17:09 +0000
with message-id <E1RnDan-0004Fo-AF@franck.debian.org>
and subject line Bug#650160: fixed in user-mode-linux 2.6.32-1um-4+41
has caused the Debian Bug report #650160,
regarding Changes from longterm release 2.6.32.49
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
650160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650160
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Package: src:linux-2.6
Version: 2.6.32-39
Severity: important

[Actually based on 2.6.32.49-rc1.]

[SCSI] st: fix race in st_scsi_execute_end
Fixes use of freed memory in the st (SCSI tape) driver which could
result in a crash or other unpleasant results.

[SCSI] Make scsi_free_queue() kill pending SCSI commands
Fixes potential I/O hang after SCSI device removal.

NFS/sunrpc: don't use a credential with extra groups.
Fixes a bug in matching of cached credentials for SunRPC requests,
including file access as an NFS client. If process A has the same uid
and primary gid as B and a superset of its secondary gids, and B
accesses an NFS server after A, then A's credentials including the
extra gids may be used for B's file access.
This seems to be primarily interesting if A has different real and
effective uid, as otherwise B could always hijack A's credentials
using ptrace.

netlink: validate NLA_MSECS length
I think this fixes an information leak or (unlikely) local DoS
exploitable with CAP_NET_ADMIN.

mtd: mtdchar: add missing initializer on raw write
Fixes raw NAND write functionality.

PM / Suspend: Off by one in pm_suspend()
Fixes validation of requested suspend state. So far as I can see,
user-space cannot provide an arbitrary state value (except possibly
through OOT modules) and this has no security impact.

hfs: add sanity check for file name length
Fixes potential buffer overflow when accessing an HFS filesystem
(CVE-2011-4330).

kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
kbuild: Fix passing -Wno-* options to gcc 4.4+
Suppresses widespread compiler warnings when building with gcc 4.6.
Should have no effect otherwise.

ASoC: wm8940: Properly set codec->dapm.bias_level
No effect on Debian kernel configurations.

md/raid5: abort any pending parity operations when array fails.
Fixes potential crash if an md-raid RAID5/6 array loses enough
disks that it is no longer usable (>1 or >2 respectively).

[media] Remove the old V4L1 v4lgrab.c file
Removes outdated example code.

Revert "ALSA: hda: Fix quirk for Dell Inspiron 910"
Reverts change in 2.6.32.42 (our 2.6.32-36) that resulted in a
regression (no audio output) for this specific model.

drm/i915: Sanity check pread/pwrite
drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
Fixes CVE-2010-2962. We don't normally take drm fixes from this
series and we already applied these in 2.6.32-25.

genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier
Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration). We already fixed this by
reverting the change that introduced the regression, but this should be
better.

mm: avoid null pointer access in vm_struct via /proc/vmallocinfo
Fixes potential DoS by local user.

ipv6: udp: fix the wrong headroom check
Fixes remote DoS (most likely from a VM guest) by sending UDP/IPv6 to
a bridge that has UFO enabled while the output port does not
(CVE-2011-4326). I'm not convinced that this configuration is
possible in 2.6.32, but I could be wrong.

USB: serial: pl2303: rm duplicate id
Stops this driver binding to a 'WinChipHead' branded device that
should be handled by the ch341 driver.

USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c
Fixes corruption of data transmitted through this serial driver during
reconfiguration. (Changing e.g. the bit rate can be expected to do
this, but this bug affected any reconfiguration.)

usb-storage: Accept 8020i-protocol commands longer than 12 bytes
Enables support for some USB drives >2 TB.

USB: add quirk for Logitech C600 web cam
USB: quirks: adding more quirky webcams to avoid squeaky audio
Workaround for more buggy webcams that tend to fail after
suspend/resume.

tty: Make tiocgicount a handler
tty: icount changeover for other main devices
This is the general fix for CVE-2010-4075, CVE-2010-4076 and
CVE-2010-4077 which we already applied in 2.6.32-31.

Ben.

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
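
The credential-matching bug described under "NFS/sunrpc: don't use a credential with extra groups", as an added example that is not part of the original report and is not the kernel's code. It is a simplified model: all names are hypothetical, and it assumes gid lists are compared position by position with unused cache slots marked by a sentinel.

```c
#include <stdio.h>
#include <sys/types.h>

#define MODEL_NGROUPS 16              /* assumed size of the cached gid array */
#define MODEL_NOGROUP ((gid_t)-1)     /* assumed marker for an unused slot */
struct model_cred { uid_t uid; gid_t gid; gid_t gids[MODEL_NGROUPS]; };
struct model_req  { uid_t uid; gid_t gid; size_t ngroups; const gid_t *groups; };
static size_t clamp(size_t n) { return n < MODEL_NGROUPS ? n : MODEL_NGROUPS; }

/* Cache entry created on a process's first request; unused slots are marked. */
struct model_cred cache_from(const struct model_req *r)
{
    struct model_cred c = { r->uid, r->gid, {0} };
    for (size_t i = 0; i < MODEL_NGROUPS; i++)
        c.gids[i] = i < clamp(r->ngroups) ? r->groups[i] : MODEL_NOGROUP;
    return c;
}

/* Flawed: checks only the requester's gids, so extra cached gids are ignored. */
int match_loose(const struct model_cred *c, const struct model_req *r)
{
    if (c->uid != r->uid || c->gid != r->gid) return 0;
    for (size_t i = 0; i < clamp(r->ngroups); i++)
        if (c->gids[i] != r->groups[i]) return 0;
    return 1;
}

/* Hardened: the cached list must also end where the requester's list ends. */
int match_exact(const struct model_cred *c, const struct model_req *r)
{
    size_t n = clamp(r->ngroups);
    return match_loose(c, r) && (n == MODEL_NGROUPS || c->gids[n] == MODEL_NOGROUP);
}

/* Constructed sample: A and B share uid/gid; A has two extra secondary gids. */
static const gid_t a_groups[] = { 100, 200, 300 }, b_groups[] = { 100 };
static const struct model_req req_a = { 1000, 1000, 3, a_groups };
static const struct model_req req_b = { 1000, 1000, 1, b_groups };
/* Would B's request be served with the credential cached for A? */
int b_reuses_a(int hardened)
{
    struct model_cred cached = cache_from(&req_a);
    return hardened ? match_exact(&cached, &req_b) : match_loose(&cached, &req_b);
}

int main(void)
{
    printf("loose=%d exact=%d\n", b_reuses_a(0), b_reuses_a(1));
    return 0;
}
```

With the loose comparison B is handed A's cached entry, extra gids included; with the exact comparison B gets no match and a separate entry would be created for it.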